Avast forum: Avast emails me my password!

One of the first things my ex, the IT guy, taught me about computers is that email is not secure. Consequently, I never send any sensitive info, such as credit card numbers, by email.

I'm having a problem with Avast suddenly declaring a forum page I read and post on daily contains malware, and denying the service. This has been happening on Firefox, my primary brower, then again on Chrome, when I tried to access it through that. I get regular email updates from that Forum whenever there's a new post , so I know that others on the site are continuing to access it without problem.

I went to the Avast website and registered, as required, in order to get help with this issue. I got an email back confirming the registration, with a link to activate the registration. Lo and behold, this email contains my user name plus my PASSWORD, spelled out completely for all the world and any hacker to appropriate.

I can't understand how a company that specializes is web security could be so stupid. Or have things changed since, making email very secure?

Well, email is a lot more secure since SSL (https) started to be widely used, this encrypts the traffic so attempted "man in the middle attackers" just get a load of unreadable junk when he tries to intercept.

I'm a member of that forum myself, and you are not the first person to point out the potential problem with this, the topic has been gone over a couple of times over there (on Avast! forum) in the past.

So, in short, is email safer than it used to be? Yes, by far. But is sending passwords via email still an unneeded risk? Yes to that also. But again, much safer than it was. Good on you for even being aware enough to notice though, most people do not even think twice about it.

I hope that Avast is encrypting any email it sends, but my own email is not. I always check for the https: and/or the lock, and my email shows an open lock. If I had replied to that email (which shows the one they sent) without blocking out my password, I would have been sending my own password into cyberspace.

"After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record.[7] This means that a subpoena instead of a warrant is all that is needed for a government agency to force email providers such as Google's Gmail to produce a copy.[7] Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries."

And even if someone tells you it's encrypted, the from, to and other fields are not encrypted because those are needed for the current email system to work.Bob

Your subject title starts with "Sorry...", but then your quote seems to agree with what I'm saying, that Avast emailing my password to me allows the world to see it, either now or later. What am I missing?

You missed nothing. I've told folk for years that email is not secure. And if you want to discuss why, we only need to do a little digging into the FBI's "Going Dark" initiative. I offered more about how your email loses it's protected communication in only 180 days.

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Track this thread and email me when there are updates.Please read before posting

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Old Thread Warning!

This thread is more than days old. It is very likely that it does not need any further discussion and replying to it will serve no purpose. However, if you feel it is necessary to make a new reply, you can still do so.

I am aware that this thread is old, but I still want to post a reply.

Checkbox must be checked in order to post in this old thread.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.